Secunia Advisory: SA28134
Release Date: 2007-12-18
Last Update: 2007-12-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: iMesh 7.x
CVE reference: CVE-2007-6492 (Secunia mirror)
CVE-2007-6493 (Secunia mirror)
Description:
rgod has discovered a vulnerability in iMesh, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error in the IMWeb.IMWebControl.1 ActiveX control (IMWebControl.dll) and can be exploited to execute arbitrary code by calling the "SetHandler()" and "ProcessRequestEx()" methods, respectively.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 7.1.0.37263. Other versions may also be affected.
Solution:
Set the kill-bit for the affected ActiveX control.
Bollettino di Sicurezza
Per chi non sapesse cos'è imesh
La vulnerabilità è grave e attualmente non ci sono patch
Release Date: 2007-12-18
Last Update: 2007-12-21
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: iMesh 7.x
CVE reference: CVE-2007-6492 (Secunia mirror)
CVE-2007-6493 (Secunia mirror)
Description:
rgod has discovered a vulnerability in iMesh, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error in the IMWeb.IMWebControl.1 ActiveX control (IMWebControl.dll) and can be exploited to execute arbitrary code by calling the "SetHandler()" and "ProcessRequestEx()" methods, respectively.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 7.1.0.37263. Other versions may also be affected.
Solution:
Set the kill-bit for the affected ActiveX control.
Bollettino di Sicurezza
Per chi non sapesse cos'è imesh
La vulnerabilità è grave e attualmente non ci sono patch